Multiple mail servers behind Zentyal

[itmltd]

Hi,

We have two internal mail servers behind Zentyal gateway. Each server has multiple mail domains to serve.

Is there a way to route incoming mails to appropriate internal mail servers?

Thanks,

[christian]

As far as I understand, no you can't, at least out of the box, MTA transferring only to local MDA.
This is an "all-in-one" design and mailboxes are stored on the unique Zentyal of your mail domain (there is no "mail delivery server concept)

Still there is a couple of things you could do:
- Not using Zentyal mail service: use port forwarding so that remote MTAs connect to your internal mail servers. Of course, this can't use Zentyal mail filter.
- customise your Zentyal configuration so that after mail filtering, mail routing is hard-coded to reach you internal mail servers (which means tell Zentyal not to search for local delivery and local users)

[BrettonWoods]

Christian I have multiple mail domains and the old web mail module uses the full user id.

I had to do a bit of hacking with postfix but it all works seemlessly with zarafa. Just all the users show up in the contact list even though the have different domains.

What I would do is run up a virtual server that is a simple inbound mail proxy so you can have the same mx but just route the mails to the right server.

All I am saying is that it is possible to run multiple domains on zentyal mmm thinking about it it might be the 123reg site running vanilla ubuntu. Its possible though its just a matter of a bit of customisation of the zentyal scripts.

Might be better explaining why multiple internal mail servers as getting your mail there is relatively easy.

Local client access to mail services is no problem.

external client access to mail services would require shifting ports so you could use the port forwarding. Networking ask christian not me
 

[christian]

All I am saying is that it is possible to run multiple domains on zentyal mmm thinking about it it might be the 123reg site running vanilla ubuntu. Its possible though its just a matter of a bit of customisation of the zentyal scripts.

For sure one can run multiple mail domains on Zentyal server even without any customization    but current question, if I understand well, is not this one.
Goal seems to deliver mail to different mail servers:
1 - this can"t be done with Zentyal without some customization
2 - with Zentyal as internet gateway

which makes me thinking that such mail servers are existing servers not running Zentyal
but I might be wrong...

[BrettonWoods]

Networks mail delivery I bow my head and say your the man for definitive answers.

Its just that I have done this with postfix acting as a proxy. Thinking along the lines of if I did it. It can't be very complex.

I was editing before you posted apols about that.

Was just saying it could be and maybe it might even be better if they just migrated to zentyal handling multiple domains.

Christian isn't often wrong and he isn't at all on this. But with a bit of tinkering Zentyal will not make this a no go.

[EDIT]
@itmltd apols shouldn't of jumped in, as I can't remember what I did but after delving with postfix its made a fan. I could never fathom exhange but postfix for me is really logical.

http://www.knowplace.org/pages/howtos/smtp_gateway_for_multiple_domains_with_postfix.php

I am like a postfix groupie at the moment but it does a lot of things quite simply.

[christian]

it could be and maybe it might even be better if they just migrated to zentyal handling multiple domains.
.../... But with a bit of tinkering Zentyal will not make this a no go.

We all agree that:
- it could be feasible with Zentyal
- even easier if migrating to front-end Zentyal server

However migrating to Zentyal is only a workaround due to Zentyal lack of capability to deliver mails elsewhere.

Migrating to Zentyal with current design has multiple side effects:
- there is only one single mail server per mail domain (i.e. you can't have one mail server per location if mail domain is unique)
- mailboxes are stored on server acting as internet gateway and this is not really suitable.

The all-in-one concept and design makes sense for SMBs having few servers and one single infrastructure server. Once you start having needs that are best covered with design made of multiple infrastructure servers, you quickly reach limits due to this all-in-one.
Mail is one example, high availability is another.

I'm not saying Zentyal is bad but mean that understanding limits of such design helps to select the right technical solution.

[itmltd]

Wow,

Actually amazed about responses in Zentyal forums. I was kinda correct to choose Zentyal as gateway server.

Mail servers are not Zentyal but both Linux based servers . I was doing SMTP routing in my old Endian Firewall, based on mail domains. I mean a lot of domains.

We will not be using Zentyals mail services, I only need to forward mails to their appropriate servers based on their recipient domain names.

I hope this info helps.

[BrettonWoods]

Apols was editing again and didn't notice. I will stop now with my postfix evangelism. The edit will explain

[christian]

Now that you have clarified your technical landscape, I would say that the 2 main directions are to:

1 - deal with IP addresses so that you can forward incoming SMTP requests through Zentyal. If I understand correctly, you will need at least on IP on Zentyal external interface per internal mail server (because dealing with different port is not a option here). This direction means that Zentyal can't be used to filter mail (anti-virus, spam etc) and you should not install and start mail service on Zentyal server.
 
2 - Handle incoming mails at Zentyal level: this means to install mail module (+ mail filtering as this is the main advantage of such front-end MTA). At this stage, blocking point when using standard Zentyal mail configuration is that Zentyal expects only local delivery while you expect only routing. This means that you need to allow relaying to mail domains you manage internally.

What is not yet 100% clear to me (I didn't check it so far with Zentyal) is how Zentyal will deal with MX to find what's the next step to deliver incoming mail to the right "internal" MTA. You have to keep in in that there is, at least for the time being, no split DNS. configuring Zentyal to use 127.0.0.1 should permit to define MX records for each domain (this means to define such domains too) so that mail routing uses DNS to find MX pointing to internal server. Well something like this... to be clarified.

Do not forget that modifying directly /etc/postifx/main.cf and master.cf will not work due to use of templates. Have a look here to understand how to implement configuration customization.

I hope this helps.

[BrettonWoods]

http://www.bynari.net/how_do_i_configure_postfix_to_route_mail_to_an_internal_domain/

Apols but it is my current love affair with postfix. You can actually bypass dns and mx and just point to an IP.

Postfix for me is the swiss army smtp server. So if it was about using Zentyal as a gateway then the only consideration for me was external imap / pop requests.

Don't know why but I made the assumption that you work in the manner for want of a better description "Call Center", loads of domains rather than clients. All the mail needs routing to internal servers where pop / imap whatever is done internally.

Christian has put a few solid solutions down but you could also use a single IP with Zentyal as a gateway with postfix being the piggy in the middle acting purely as an incoming router and outgoing relay.

In the post you say you have existing mail servers so I am also presuming you have quite a bit of infrastructure and you are think of using zentyal as purely a advanced gateway server?

I have done the rounds with firewall routers from pfsense to endian and even ipcop I always return to one place and that is Zentyal.
My personal opinion is there are two leading gateway servers and obviously I say Zentyal. I am a fan of opensource so I will say ClearOS is a great piece of software.
I have strong reasons for this and feel that sometimes CentOS is a little slow with releases and if your a Debian / Ubuntu person then thats your choice Zentyal.

I always found the other firewalls superb bits of kit but always missed just one key item.

If your handling quite a bit of traffic then I would definitely get in touch with zentyal.

Talking about swiss army SMB servers and the use of enterprise grade services like postfix is that I often have customisation needs. Zentyal allows you to assemble several forms of infrastructure at the press of a button. Its this instant base that you can use as a template to add your too your solution for your particular needs.

It gives you a simple common interface to quickly create a server. As far as I remember even if the other firewalls did have scripting possibilities I am finding Zentyal easier.

Zentyal is a superb gateway server if I was going to use :-
Firewall
IDS\IPS
Trafic management
Traffic balancing 
Wan Failover.
RAID
Events (Notifications)
Proxy
VPN
DHCP
DNS
Portforwarding
NAT/SNAT
UPS

And the ones I forgot but that can be assembled quickly and maybe either just add postfix manually or customise the mail offering.
The Zentyal support team are a no brainer on this sort of stuff as with a good combination of design and hardware it can scale well.

PS

These are pure guesses to your operation but its more of an example of using zentyal. Its really good as a platform for various solutions, with a bit of scripting you can add custom functions. The example had an LDAP script which with mail can accomplish some good solutions. If your internal servers are running ldap then you can use that for your routing and filtering on the zentyal based mail gateway.
Its a learning curve thing or there is a support crew to make the time and effort a breeze.

Great thing about post fix is the wealth of infomation and when it comes to smpt there isn't much it cant do.
http://www.postfix.org/FILTER_README.html